Equifax says only 8,000 Canadians affected by data breach

Equifax Inc. said Monday that it has revised down the number of Canadians affected by its high-profile data breach and now puts the number at about 8,000 customers.

The company previously estimated that some 100,000 Canadians could have had their personal information compromised before a forensic review by cybersecurity firm Mandiant found the actual number to be much lower.

The review adds about 2.5 million Americans to the list of those affected by the massive cyber attack, bringing the total number of people in the U.S. potentially impacted to 145.5 million.

Equifax says the review also determined that some Canadians had their credit card information hacked and will be mailing out written notices to all potentially impacted Canadians, but did not provide a specific estimate.

On a website update, Equifax’s Canadian division said it has not yet mailed out any notices and made clear it would not be making any unsolicited calls or emails about the issue.

Equifax first notified the public of the security breach on Sept. 7, though it said the unauthorized access is thought to have happened from May 13 to July 30, with Equifax’s security team catching the hack on July 29.

The company has said that it believes that hackers accessed Equifax Canada’s systems through a consumer website application intended for use by U.S. consumers.

Equifax is facing investigations in Canada and the U.S., as well as at least two proposed class actions filed in Canada.

The massive data breach has also led to a number of high-profile departures at the Atlanta-based consumer credit reporting agency, including its chief executive, chief information officer and chief security officer.